diff options
author | jww <jww@chromium.org> | 2016-01-19 12:58:59 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-01-19 21:00:05 +0000 |
commit | 9d4ca2d9838b5f33bdb3f8fcfb8ef381d449b2a1 (patch) | |
tree | de4a8023b873b15472be476ce3240c60d11db100 /android_webview | |
parent | 5dc7e9437e00c35c6fa2d30f365824b8f96b778b (diff) | |
download | chromium_src-9d4ca2d9838b5f33bdb3f8fcfb8ef381d449b2a1.zip chromium_src-9d4ca2d9838b5f33bdb3f8fcfb8ef381d449b2a1.tar.gz chromium_src-9d4ca2d9838b5f33bdb3f8fcfb8ef381d449b2a1.tar.bz2 |
Removal of geolocation APIs on insecure origins
This disallows the geolocation APIs getCurrentPosition() and
watchPosition() from being used on insecure origins. Adds a console
warning message that the API call has failed because of this.
Note that this is a re-land of
https://codereview.chromium.org/1485973002/. See that CL for full
discussion.
BUG=520765, 561641
TBR=thestig@chromium.org,sgurun@chromium.org,philipj@opera.com,mlamouri@chromium.org
Review URL: https://codereview.chromium.org/1530403002
Cr-Commit-Position: refs/heads/master@{#370185}
Diffstat (limited to 'android_webview')
-rw-r--r-- | android_webview/javatests/src/org/chromium/android_webview/test/GeolocationTest.java | 24 | ||||
-rw-r--r-- | android_webview/native/aw_settings.cc | 4 |
2 files changed, 16 insertions, 12 deletions
diff --git a/android_webview/javatests/src/org/chromium/android_webview/test/GeolocationTest.java b/android_webview/javatests/src/org/chromium/android_webview/test/GeolocationTest.java index 3fddb02..efc827f 100644 --- a/android_webview/javatests/src/org/chromium/android_webview/test/GeolocationTest.java +++ b/android_webview/javatests/src/org/chromium/android_webview/test/GeolocationTest.java @@ -123,8 +123,8 @@ public class GeolocationTest extends AwTestBase { @Feature({"AndroidWebView"}) public void testGetPosition() throws Throwable { initAwContents(new GrantPermisionAwContentClient()); - loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), - RAW_HTML, "text/html", false); + loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML, + "text/html", false, "https://google.com/", "about:blank"); mAwContents.evaluateJavaScriptForTests("initiate_getCurrentPosition();", null); @@ -151,8 +151,8 @@ public class GeolocationTest extends AwTestBase { @Feature({"AndroidWebView"}) public void testWatchPosition() throws Throwable { initAwContents(new GrantPermisionAwContentClient()); - loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), - RAW_HTML, "text/html", false); + loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML, + "text/html", false, "https://google.com/", "about:blank"); mAwContents.evaluateJavaScriptForTests("initiate_watchPosition();", null); @@ -169,8 +169,8 @@ public class GeolocationTest extends AwTestBase { public void testPauseGeolocationOnPause() throws Throwable { initAwContents(new GrantPermisionAwContentClient()); // Start a watch going. - loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), - RAW_HTML, "text/html", false); + loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML, + "text/html", false, "https://google.com/", "about:blank"); mAwContents.evaluateJavaScriptForTests("initiate_watchPosition();", null); @@ -228,8 +228,8 @@ public class GeolocationTest extends AwTestBase { }); // Start a watch going. - loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), - RAW_HTML, "text/html", false); + loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML, + "text/html", false, "https://google.com/", "about:blank"); mAwContents.evaluateJavaScriptForTests("initiate_watchPosition();", null); @@ -265,8 +265,8 @@ public class GeolocationTest extends AwTestBase { } }); - loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), - RAW_HTML, "text/html", false); + loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML, + "text/html", false, "https://google.com/", "about:blank"); getInstrumentation().runOnMainSync(new Runnable() { @Override @@ -282,8 +282,8 @@ public class GeolocationTest extends AwTestBase { @SmallTest public void testDenyAccessByDefault() throws Throwable { initAwContents(new DefaultPermisionAwContentClient()); - loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), - RAW_HTML, "text/html", false); + loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML, + "text/html", false, "https://google.com/", "about:blank"); mAwContents.evaluateJavaScriptForTests("initiate_getCurrentPosition();", null); diff --git a/android_webview/native/aw_settings.cc b/android_webview/native/aw_settings.cc index a8dc571..3ba4ac5 100644 --- a/android_webview/native/aw_settings.cc +++ b/android_webview/native/aw_settings.cc @@ -433,6 +433,10 @@ void AwSettings::PopulateWebPreferencesLocked(JNIEnv* env, Java_AwSettings_getFullscreenSupportedLocked(env, obj); web_prefs->record_whole_document = Java_AwSettings_getRecordFullDocument(env, obj); + + // TODO(jww): This should be removed once sufficient warning has been given of + // possible API breakage because of disabling insecure use of geolocation. + web_prefs->allow_geolocation_on_insecure_origins = true; } static jlong Init(JNIEnv* env, |