New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 703477 link

Starred by 2 users
Status: Fixed
Owner:
timloh@chromium.org
Closed: Mar 2017
Cc:
mgiuca@chromium.org
owe...@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug

Blocking:
issue 587623



Sign in to add a comment

getInstalledRelatedApps: Restrict to HTTPS/non-incognito only

Project Member Reported by mgiuca@chromium.org, Mar 21 2017 
Chrome Version: 59
OS: Android

getInstalledRelatedApps explainer:
https://github.com/WICG/get-installed-related-apps/blob/master/EXPLAINER.md
states that "This feature only works with sites using HTTPS" and "The User Agent should return no installed applications when running in a privacy preserving mode".

Therefore, it should be disabled when in a non-secure (http://) connection or in incognito mode in Chrome.
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 21 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1d2d74238c94507cfd774ccb3b50626c9f89c9cf

commit 1d2d74238c94507cfd774ccb3b50626c9f89c9cf
Author: timloh <timloh@chromium.org>
Date: Tue Mar 21 06:33:15 2017

Restrict Navigator.getInstalledRelatedApps() to secure contexts.

This patch adds to Navigator.getInstalledRelatedApps() the IDL attribute
[SecureContext], restricting the function to secure contexts.

The explainer for getInstalledRelatedApps() states that it "only works
with sites using HTTPS."

https://github.com/WICG/get-installed-related-apps/blob/master/EXPLAINER.md

BUG= 703477 

Review-Url: https://codereview.chromium.org/2765783002
Cr-Commit-Position: refs/heads/master@{#458327}

[add] https://crrev.com/1d2d74238c94507cfd774ccb3b50626c9f89c9cf/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/get-installed-related-apps-on-insecure-origin.html
[modify] https://crrev.com/1d2d74238c94507cfd774ccb3b50626c9f89c9cf/third_party/WebKit/Source/modules/installedapp/NavigatorInstalledApp.cpp
[modify] https://crrev.com/1d2d74238c94507cfd774ccb3b50626c9f89c9cf/third_party/WebKit/Source/modules/installedapp/NavigatorInstalledApp.idl
Project Member

Comment 2 by bugdroid1@chromium.org, Mar 27 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/16dbfc61f5335aef68b05282eba042632b2ea9a8

commit 16dbfc61f5335aef68b05282eba042632b2ea9a8
Author: timloh <timloh@chromium.org>
Date: Mon Mar 27 02:46:38 2017

Restrict getInstalledRelatedApps() to non-incognito contexts.

The explainer doc states:
"The User Agent should return no installed applications when running in
a privacy preserving mode, for example Incognito in Chrome".

https://github.com/WICG/get-installed-related-apps/blob/master/EXPLAINER.md

BUG= 703477 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2769993002
Cr-Commit-Position: refs/heads/master@{#459691}

[modify] https://crrev.com/16dbfc61f5335aef68b05282eba042632b2ea9a8/content/browser/frame_host/render_frame_host_android.cc
[modify] https://crrev.com/16dbfc61f5335aef68b05282eba042632b2ea9a8/content/public/android/java/src/org/chromium/content/browser/framehost/RenderFrameHostImpl.java
[modify] https://crrev.com/16dbfc61f5335aef68b05282eba042632b2ea9a8/content/public/android/java/src/org/chromium/content/browser/installedapp/InstalledAppProviderFactory.java
[modify] https://crrev.com/16dbfc61f5335aef68b05282eba042632b2ea9a8/content/public/android/java/src/org/chromium/content/browser/installedapp/InstalledAppProviderImpl.java
[modify] https://crrev.com/16dbfc61f5335aef68b05282eba042632b2ea9a8/content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java

Comment 3 by timloh@chromium.org, Mar 27 2017

Status: Fixed (was: Assigned)

Sign in to add a comment