Issue 658732 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	vasi...@chromium.org
Closed:	Oct 2016
Cc:	battre@chromium.org
Components:	Privacy UI>Browser>Passwords
EstimatedDays:	----
NextAction:	----
OS:	Linux , Android , Windows , Chrome , Mac
Pri:	3
Type:	Bug

Blocking:
issue 400674

Credential Manager API should be suppressed for prerendered pages

Project Member Reported by vasi...@chromium.org, Oct 24 2016

Issue description

Version: 55.0.2883.21
OS: all
What steps will reproduce the problem?
(1) Open chrome://password-manager-internals/
(2) Google for "pinterest"
(3) Wait for a few seconds and observe the log in chrome://password-manager-internals/ and the Chrome task manager.

There is a prerenderer tab for pinterest. In that tab the site tried to get a credential from the browser. If you have a valid autosignin credential then we'd return it back to the site.

In the similar cases the prerenderer destroys the tab if
- the page uses JS alert(), or
- the page uses an audio stream, or
- the site requires HTTP auth in LoginHandler::ShowLoginPrompt. This is a  twin scenario.

CM API should be handled similarly.

Project Member

Comment 1 by bugdroid1@chromium.org, Oct 25 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9fd65516a78385714d4d6740134b4a51c7eb5bab

commit 9fd65516a78385714d4d6740134b4a51c7eb5bab
Author: vasilii <vasilii@chromium.org>
Date: Tue Oct 25 12:32:24 2016

Strengthen the rules when the Credential Manager API is disabled.

The CL just removes the custom conditions in CredentialManagerImpl and reuses the methods used for autofill.

BUG= 658732 

Review-Url: https://codereview.chromium.org/2447813002
Cr-Commit-Position: refs/heads/master@{#427327}

[modify] https://crrev.com/9fd65516a78385714d4d6740134b4a51c7eb5bab/components/password_manager/content/browser/credential_manager_impl.cc
[modify] https://crrev.com/9fd65516a78385714d4d6740134b4a51c7eb5bab/components/password_manager/content/browser/credential_manager_impl.h
[modify] https://crrev.com/9fd65516a78385714d4d6740134b4a51c7eb5bab/components/password_manager/content/browser/credential_manager_impl_unittest.cc

Project Member

Comment 2 by bugdroid1@chromium.org, Oct 27 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845

commit 7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845
Author: vasilii <vasilii@chromium.org>
Date: Thu Oct 27 12:54:12 2016

Stop prerendering of a site if it uses the Credential Manager API.

BUG= 658732 

Review-Url: https://codereview.chromium.org/2447143002
Cr-Commit-Position: refs/heads/master@{#428007}

[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/chrome/browser/password_manager/chrome_password_manager_client.cc
[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/chrome/browser/password_manager/chrome_password_manager_client.h
[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/chrome/browser/prerender/prerender_browsertest.cc
[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/chrome/browser/prerender/prerender_final_status.cc
[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/chrome/browser/prerender/prerender_final_status.h
[add] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/chrome/test/data/password/autosignin.html
[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/components/password_manager/content/browser/credential_manager_impl.cc
[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/components/password_manager/content/browser/credential_manager_impl_unittest.cc
[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/components/password_manager/core/browser/password_manager_client.cc
[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/components/password_manager/core/browser/password_manager_client.h
[modify] https://crrev.com/7926e90cb2f6b25fd19ed9a4e37bbbd0e37b3845/tools/metrics/histograms/histograms.xml

Comment 3 by vasi...@chromium.org, Oct 28 2016

Status: Fixed (was: Assigned)

Project Member

Comment 4 by bugdroid1@chromium.org, Nov 15 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3c50f35f90524844e9f69bc19bd05a0dd34351d5

commit 3c50f35f90524844e9f69bc19bd05a0dd34351d5
Author: xidachen <xidachen@chromium.org>
Date: Tue Nov 15 18:50:39 2016

Ship ImageBitmapRenderingContext

We have 3 lgtms from API owners:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/toKFfP_oOac

Let's ship it!

BUG= 658732 

Review-Url: https://codereview.chromium.org/2495213008
Cr-Commit-Position: refs/heads/master@{#432224}

[modify] https://crrev.com/3c50f35f90524844e9f69bc19bd05a0dd34351d5/third_party/WebKit/LayoutTests/platform/linux/virtual/stable/webexposed/global-interface-listing-expected.txt
[modify] https://crrev.com/3c50f35f90524844e9f69bc19bd05a0dd34351d5/third_party/WebKit/LayoutTests/platform/win/virtual/stable/webexposed/global-interface-listing-expected.txt
[modify] https://crrev.com/3c50f35f90524844e9f69bc19bd05a0dd34351d5/third_party/WebKit/LayoutTests/virtual/stable/webexposed/global-interface-listing-expected.txt
[modify] https://crrev.com/3c50f35f90524844e9f69bc19bd05a0dd34351d5/third_party/WebKit/Source/modules/imagebitmap/ImageBitmapRenderingContext.idl

Comment 5 by vabr@chromium.org, Nov 29

Cc: -vabr@chromium.org

►

Issue 658732 link

Issue metadata

Credential Manager API should be suppressed for prerendered pages

Issue description

Comment 1 by bugdroid1@chromium.org, Oct 25 2016

Comment 1 Deleted

Comment 2 by bugdroid1@chromium.org, Oct 27 2016

Comment 2 Deleted

Comment 3 by vasi...@chromium.org, Oct 28 2016

Comment 3 Deleted

Comment 4 by bugdroid1@chromium.org, Nov 15 2016

Comment 4 Deleted

Comment 5 by vabr@chromium.org, Nov 29

Comment 5 Deleted

Sign in to add a comment