Closed: uazo closed 7 months ago
temporary workaround: set chrome://flags/#private-network-access-respect-preflight-results
check what ContentSettingsType::INSECURE_PRIVATE_NETWORK and ContentSettingsType::PRIVATE_NETWORK_GUARD are for
Issue 1338439: Prototyping permission prompt for private network access https://bugs.chromium.org/p/chromium/issues/detail?id=1338439
idl change third_party/blink/renderer/core/fetch/request.idl
so INSECURE_PRIVATE_NETWORK and PRIVATE_NETWORK_GUARD are two different things.
the first is a policy-based on/off and allows access or denial to any local resource for all sites, unless InsecurePrivateNetworkRequestsAllowedForUrls is set.
the second one is more interesting but is a work in progress and allows the choice between which resources the website can access.
the first one is stable, but it would lack the ui and especially the prompt to the user
so, the site setting only works in Allow mode and is not active in workers. This is unfortunate because it does not allow me to open a bug in chromium.... What's more, I noticed that the check is done only after the connection to the endpoint, so through a timing check it would still be possible to derive whether a port on a local address turns out to be open or not. However, the modification seems feasible.
wip patch https://gist.github.com/uazo/e61cf8d777f4111c059466d6c6184972 temporarily suspended for rebase on v112
check PageSpecificContentSettings::MaybeNotifySiteDataObservers() whether it is possible to show info to the user via the ui
Localhost access permission in brave
Intent to Prototype: Private Network Access restrictions for automotive http://groups.google.com/a/chromium.org/group/blink-dev/t/30ed8798a6857bc7 https://docs.google.com/document/d/1FYPIeP90MQ_pQ6UAo0mCB3g2Z_AynfPWHbDnHIST6VI/edit
new flag in v117: kPrivateNetworkAccessForWorkers
kPrivateNetworkAccessForIframesWarningOnly
see FeatureStateForContext in content/browser/renderer_host/private_network_access_util.cc
Intel® Driver & Support Assistant seems to be able to access localhost, but is it correct that the user is not notified?
check: