[Extensions] Support webRequest.onAuthRequired in MV3 [chromium/src : main]

783 views
Skip to first unread message

Devlin Cronin (Gerrit)

unread,
Sep 30, 2022, 5:20:56 AM9/30/22
to David Bertoni, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, Devlin Cronin

Attention is currently required from: David Bertoni.

Devlin Cronin would like David Bertoni to review this change.

View Change

[Extensions] Support webRequest.onAuthRequired in MV3

Add support for webRequest.onAuthRequired in Manifest V3. Unlike many of
the other use cases handled in webRequest, handling onAuthRequired
doesn't lend itself to a declarative model.

Instead, introduce a new permission, `webRequestAuthProvider`, that
extensions can use if they want to handle the webRequest.onAuthRequired
event with a blocking (or asyncBlocking) listener. Like
`webRequestBlocking`, this permission does not add a new warning, as its
functionality is covered by the warning for the host permission (which
the extension requires in order to intercept the calls).

Add the new permission and wire up the functionality in the webRequest
API, adding tests for both MV3 extensions with and without the new
permission (where it is expected to fail without the new permission).

More details in the design doc here:
https://docs.google.com/document/d/1iNonK6pgl9U5BTELR3iumfOU6TbirmC--a3GkIjUbfc/edit#

Bug: 1135492
Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
---
M chrome/browser/extensions/api/web_request/web_request_apitest.cc
M chrome/common/extensions/permissions/permission_set_unittest.cc
M extensions/browser/api/web_request/web_request_api.cc
M extensions/common/api/_permission_features.json
M extensions/common/mojom/api_permission_id.mojom
M extensions/common/permissions/extensions_api_permissions.cc
M tools/metrics/histograms/enums.xml
7 files changed, 202 insertions(+), 6 deletions(-)


To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 3
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-MessageType: newchange

Devlin Cronin (Gerrit)

unread,
Sep 30, 2022, 5:22:29 AM9/30/22
to Devlin Cronin, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, David Bertoni, Tricium, Findit, Chromium LUCI CQ, Chromium Metrics Reviews, chromium...@chromium.org

Attention is currently required from: David Bertoni.

View Change

2 comments:

  • Patchset:

To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 3
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Attention: David Bertoni <dber...@chromium.org>
Gerrit-Comment-Date: Fri, 30 Sep 2022 09:20:52 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment

David Bertoni (Gerrit)

unread,
Oct 3, 2022, 3:06:47 PM10/3/22
to Devlin Cronin, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, Tricium, Findit, Chromium LUCI CQ, Chromium Metrics Reviews, chromium...@chromium.org

Attention is currently required from: Devlin Cronin.

Patch set 3:Code-Review +1

View Change

4 comments:

  • Patchset:

  • File chrome/browser/extensions/api/web_request/web_request_apitest.cc:

  • File extensions/browser/api/web_request/web_request_api.cc:

    • Patch Set #3, Line 2849:

            bool is_auth_event = event_name == keys::kOnAuthRequiredEvent;
      if (is_auth_event && extension->permissions_data()->HasAPIPermission(
      APIPermissionID::kWebRequestAuthProvider)) {
      return true;
      }

      return false;

      Nit: Since we seem to love early returns in Chrome:

      ````c
      if (event_name != keys::kOnAuthRequiredEvent)
      return false;

      return extension->permissions_data()->HasAPIPermission(
      APIPermissionID::kWebRequestAuthProvider);
      ````

      That seems more concise to me.
  • File extensions/common/permissions/extensions_api_permissions.cc:

    • Patch Set #3, Line 165: {APIPermissionID::kWebRequestAuthProvider, "webRequestAuthProvider"},

      Nit: This isn't in alpha order like the rest of the permissions.

To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 3
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Mon, 03 Oct 2022 19:05:00 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment

Devlin Cronin (Gerrit)

unread,
Oct 4, 2022, 8:10:19 AM10/4/22
to Devlin Cronin, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, David Bertoni, Tricium, Findit, Chromium LUCI CQ, Chromium Metrics Reviews, chromium...@chromium.org

View Change

4 comments:

  • Patchset:

  • File chrome/browser/extensions/api/web_request/web_request_apitest.cc:

    • that's actually not quite as clean IMO, because right now we're using the object initialization that sets `authCredentials` as a property + value on the object. Inlining it would make it:

      ```
      callback(
      {
      authCredentials: {username: 'foo', password: 'secret'}
      });
      ```

      Which I think is a bit clunkier

  • File extensions/browser/api/web_request/web_request_api.cc:

    • Patch Set #3, Line 2849:

            bool is_auth_event = event_name == keys::kOnAuthRequiredEvent;
      if (is_auth_event && extension->permissions_data()->HasAPIPermission(
      APIPermissionID::kWebRequestAuthProvider)) {
      return true;
      }

      return false;

    • Nit: Since we seem to love early returns in Chrome: […]

      if we're going for concise, we can just combine the name and permission check in the return statement; done.

  • File extensions/common/permissions/extensions_api_permissions.cc:

    • Patch Set #3, Line 165: {APIPermissionID::kWebRequestAuthProvider, "webRequestAuthProvider"},

      Nit: This isn't in alpha order like the rest of the permissions.

    • Whoops! Fixed

To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 4
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Comment-Date: Tue, 04 Oct 2022 12:08:53 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: David Bertoni <dber...@chromium.org>
Gerrit-MessageType: comment

Devlin Cronin (Gerrit)

unread,
Oct 4, 2022, 8:10:31 AM10/4/22
to Alex Gough, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, Devlin Cronin, David Bertoni

Attention is currently required from: Alex Gough.

Devlin Cronin would like Alex Gough to review this change.

View Change

7 files changed, 199 insertions(+), 6 deletions(-)


To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 4
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Attention: Alex Gough <aj...@chromium.org>
Gerrit-MessageType: newchange

Devlin Cronin (Gerrit)

unread,
Oct 4, 2022, 8:10:33 AM10/4/22
to Devlin Cronin, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, David Bertoni, Tricium, Findit, Chromium LUCI CQ, Chromium Metrics Reviews, chromium...@chromium.org

Patch set 4:Auto-Submit +1

View Change

1 comment:

  • Patchset:

To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 4
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Comment-Date: Tue, 04 Oct 2022 12:09:17 +0000

Devlin Cronin (Gerrit)

unread,
Oct 4, 2022, 8:11:48 AM10/4/22
to Devlin Cronin, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, Alex Gough, David Bertoni, Tricium, Findit, Chromium LUCI CQ, Chromium Metrics Reviews, chromium...@chromium.org

Attention is currently required from: Alex Gough.

View Change

1 comment:

  • Patchset:

    • Patch Set #4:

      Wow, Gerrit is having issues...

      Alex, mind taking a look at the mojom?

To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 4
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Attention: Alex Gough <aj...@chromium.org>
Gerrit-Comment-Date: Tue, 04 Oct 2022 12:10:27 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment

Findit (Gerrit)

unread,
Oct 4, 2022, 8:41:39 AM10/4/22
to Devlin Cronin, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, Alex Gough, David Bertoni, Tricium, Chromium LUCI CQ, Chromium Metrics Reviews, chromium...@chromium.org

Attention is currently required from: Alex Gough.

View Change

1 comment:

  • File extensions/browser/api/web_request/web_request_api.cc:

    • Robot Comment from Chromium Coverage Checker (run ID chromium/src~3923277~4):

      Patch Set #4:

      Incremental Coverage (All Tests) for this file is below 80 %. Please add tests for uncovered lines.

To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 4
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Attention: Alex Gough <aj...@chromium.org>
Gerrit-Comment-Date: Tue, 04 Oct 2022 12:40:16 +0000

Devlin Cronin (Gerrit)

unread,
Oct 4, 2022, 10:14:10 AM10/4/22
to Devlin Cronin, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, Alex Gough, David Bertoni, Tricium, Findit, Chromium LUCI CQ, Chromium Metrics Reviews, chromium...@chromium.org

Attention is currently required from: Alex Gough.

View Change

1 comment:

  • File extensions/browser/api/web_request/web_request_api.cc:

    • Patch Set #4:

      I don't believe you, FindIt.

      The added lines are all tested in the newly added browser tests, which is supported by Gerrit not showing any un-covered lines in this section.

To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 4
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Attention: Alex Gough <aj...@chromium.org>
Gerrit-Comment-Date: Tue, 04 Oct 2022 14:12:27 +0000

Alex Gough (Gerrit)

unread,
Oct 4, 2022, 2:13:08 PM10/4/22
to Devlin Cronin, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, Alex Gough, David Bertoni, Tricium, Findit, Chromium LUCI CQ, Chromium Metrics Reviews, chromium...@chromium.org

Attention is currently required from: Devlin Cronin.

Patch set 4:Code-Review +1Commit-Queue +2

View Change

1 comment:

To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 4
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-Attention: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Comment-Date: Tue, 04 Oct 2022 18:11:50 +0000

Chromium LUCI CQ (Gerrit)

unread,
Oct 4, 2022, 2:19:25 PM10/4/22
to Devlin Cronin, asvitkine...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org, ipc-securi...@chromium.org, Alex Gough, David Bertoni, Tricium, Findit, Chromium Metrics Reviews, chromium...@chromium.org

Chromium LUCI CQ submitted this change.

View Change


Approvals: David Bertoni: Looks good to me Alex Gough: Looks good to me; Commit Devlin Cronin: Send CL to CQ automatically after approval
[Extensions] Support webRequest.onAuthRequired in MV3

Add support for webRequest.onAuthRequired in Manifest V3. Unlike many of
the other use cases handled in webRequest, handling onAuthRequired
doesn't lend itself to a declarative model.

Instead, introduce a new permission, `webRequestAuthProvider`, that
extensions can use if they want to handle the webRequest.onAuthRequired
event with a blocking (or asyncBlocking) listener. Like
`webRequestBlocking`, this permission does not add a new warning, as its
functionality is covered by the warning for the host permission (which
the extension requires in order to intercept the calls).

Add the new permission and wire up the functionality in the webRequest
API, adding tests for both MV3 extensions with and without the new
permission (where it is expected to fail without the new permission).

More details in the design doc here:
https://docs.google.com/document/d/1iNonK6pgl9U5BTELR3iumfOU6TbirmC--a3GkIjUbfc/edit#

Bug: 1135492
Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3923277
Auto-Submit: Devlin Cronin <rdevlin...@chromium.org>
Commit-Queue: Alex Gough <aj...@chromium.org>
Reviewed-by: David Bertoni <dber...@chromium.org>
Reviewed-by: Alex Gough <aj...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1054834}

---
M chrome/browser/extensions/api/web_request/web_request_apitest.cc
M chrome/common/extensions/permissions/permission_set_unittest.cc
M extensions/browser/api/web_request/web_request_api.cc
M extensions/common/api/_permission_features.json
M extensions/common/mojom/api_permission_id.mojom
M extensions/common/permissions/extensions_api_permissions.cc
M tools/metrics/histograms/enums.xml
7 files changed, 205 insertions(+), 6 deletions(-)


To view, visit change 3923277. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Ib6bbde135014e46b12e186c24197b628622d30bf
Gerrit-Change-Number: 3923277
Gerrit-PatchSet: 5
Gerrit-Owner: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
Gerrit-Reviewer: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
Gerrit-Reviewer: David Bertoni <dber...@chromium.org>
Gerrit-Reviewer: Devlin Cronin <rdevlin...@chromium.org>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-MessageType: merged
Reply all
Reply to author
Forward
0 new messages