[WIP] Disable navigator.connection attribute by default.

Fixes brave/brave-browser#20122

browser/about_flags.cc

@@ -265,12 +265,21 @@ constexpr char kTabAudioIconInteractiveDescription[] =
     "Enable the Tab audio indicator to also be a button which can mute and "
     "unmute the Tab.";
 
-// A blink feature.
+// Blink features.
 constexpr char kFileSystemAccessAPIName[] = "File System Access API";
 constexpr char kFileSystemAccessAPIDescription[] =
     "Enables the File System Access API, giving websites access to the file "
     "system";
 
+constexpr char kNavigatorConnectionAttributeName[] =
+    "Enable navigator.connection attribute";
+constexpr char kNavigatorConnectionAttributeDescription[] =
+    "Enables navigator.connection attribute. Enabling this "
+    "attribute may expose privacy harming information that can be used for "
+    "fingerprinting, as well as by more determined attackers, for potentially "
+    "learning about user's traveling patterns (including when the user is at "
+    "home or not).";
+
 }  // namespace
 
 }  // namespace flag_descriptions
@@ -483,6 +492,10 @@ constexpr char kFileSystemAccessAPIDescription[] =
       flag_descriptions::kFileSystemAccessAPIName,                          \
       flag_descriptions::kFileSystemAccessAPIDescription, kOsDesktop,       \
       FEATURE_VALUE_TYPE(blink::features::kFileSystemAccessAPI)},           \
+    {"navigator-connection-attribute",                                      \
+      flag_descriptions::kNavigatorConnectionAttributeName,                 \
+      flag_descriptions::kNavigatorConnectionAttributeDescription, kOsAll,  \
+      FEATURE_VALUE_TYPE(blink::features::kNavigatorConnectionAttribute)},  \
     {"tab-audio-icon-interactive",                                          \
       flag_descriptions::kTabAudioIconInteractiveName,                      \
       flag_descriptions::kTabAudioIconInteractiveDescription,               \

chromium_src/third_party/blink/common/features.cc

@@ -36,6 +36,9 @@ OVERRIDE_FEATURE_DEFAULT_STATES({{
 const base::Feature kFileSystemAccessAPI{"FileSystemAccessAPI",
                                          base::FEATURE_DISABLED_BY_DEFAULT};
 
+const base::Feature kNavigatorConnectionAttribute{
+    "NavigatorConnectionAttribute", base::FEATURE_DISABLED_BY_DEFAULT};
+
 // Enable blink::MemoryCache partitioning for non SameSite requests.
 const base::Feature kPartitionBlinkMemoryCache{
     "PartitionBlinkMemoryCache", base::FEATURE_DISABLED_BY_DEFAULT};

chromium_src/third_party/blink/public/common/features.h

@@ -12,6 +12,7 @@ namespace blink {
 namespace features {
 
 BLINK_COMMON_EXPORT extern const base::Feature kFileSystemAccessAPI;
+BLINK_COMMON_EXPORT extern const base::Feature kNavigatorConnectionAttribute;
 BLINK_COMMON_EXPORT extern const base::Feature kPartitionBlinkMemoryCache;
 
 }  // namespace features

chromium_src/third_party/blink/renderer/DEPS

@@ -1,4 +1,5 @@
 include_rules = [
+  "+../gen/third_party/blink/renderer/bindings/modules/v8",
   "+../gen/third_party/blink/renderer/core/origin_trials",
   "+mojo/public/cpp/bindings",
   "+services/network/public/mojom",

chromium_src/third_party/blink/renderer/bindings/modules/v8/v8_navigator.cc

@@ -0,0 +1,10 @@
+/* Copyright (c) 2021 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "third_party/blink/renderer/platform/bindings/idl_member_installer.h"
+
+#define InstallAttributes BraveInstallAttributes
+#include "../gen/third_party/blink/renderer/bindings/modules/v8/v8_navigator.cc"
+#undef InstallAttributes

chromium_src/third_party/blink/renderer/platform/bindings/idl_member_installer.cc

@@ -0,0 +1,53 @@
+/* Copyright (c) 2021 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "src/third_party/blink/renderer/platform/bindings/idl_member_installer.cc"
+
+#include "base/strings/string_piece.h"
+#include "third_party/blink/public/common/features.h"
+
+namespace blink {
+
+namespace bindings {
+
+constexpr char kConnection[] = "connection";
+
+// static
+void IDLMemberInstaller::BraveInstallAttributes(
+    v8::Isolate* isolate,
+    const DOMWrapperWorld& world,
+    v8::Local<v8::Template> instance_template,
+    v8::Local<v8::Template> prototype_template,
+    v8::Local<v8::Template> interface_template,
+    v8::Local<v8::Signature> signature,
+    base::span<const AttributeConfig> configs) {
+  for (const auto& config : configs) {
+    if (!base::FeatureList::IsEnabled(
+            blink::features::kNavigatorConnectionAttribute) &&
+        base::StringPiece(config.name).compare(kConnection) == 0) {
+      continue;
+    }
+    InstallAttribute(isolate, world, instance_template, prototype_template,
+                     interface_template, signature, config);
+  }
+}
+
+// static
+void IDLMemberInstaller::BraveInstallAttributes(
+    v8::Isolate* isolate,
+    const DOMWrapperWorld& world,
+    v8::Local<v8::Object> instance_object,
+    v8::Local<v8::Object> prototype_object,
+    v8::Local<v8::Object> interface_object,
+    v8::Local<v8::Signature> signature,
+    base::span<const AttributeConfig> configs) {
+  IDLMemberInstaller::InstallAttributes(isolate, world, instance_object,
+                                        prototype_object, interface_object,
+                                        signature, configs);
+}
+
+}  // namespace bindings
+
+}  // namespace blink

chromium_src/third_party/blink/renderer/platform/bindings/idl_member_installer.h

@@ -0,0 +1,28 @@
+/* Copyright (c) 2021 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BRAVE_CHROMIUM_SRC_THIRD_PARTY_BLINK_RENDERER_PLATFORM_BINDINGS_IDL_MEMBER_INSTALLER_H_
+#define BRAVE_CHROMIUM_SRC_THIRD_PARTY_BLINK_RENDERER_PLATFORM_BINDINGS_IDL_MEMBER_INSTALLER_H_
+
+#define BRAVE_IDL_MEMBER_INSTALLER_H_                     \
+  static void BraveInstallAttributes(                     \
+      v8::Isolate* isolate, const DOMWrapperWorld& world, \
+      v8::Local<v8::Template> instance_template,          \
+      v8::Local<v8::Template> prototype_template,         \
+      v8::Local<v8::Template> interface_template,         \
+      v8::Local<v8::Signature> signature,                 \
+      base::span<const AttributeConfig> configs);         \
+  static void BraveInstallAttributes(                     \
+      v8::Isolate* isolate, const DOMWrapperWorld& world, \
+      v8::Local<v8::Object> instance_object,              \
+      v8::Local<v8::Object> prototype_object,             \
+      v8::Local<v8::Object> interface_object,             \
+      v8::Local<v8::Signature> signature,                 \
+      base::span<const AttributeConfig> configs);
+
+#include "src/third_party/blink/renderer/platform/bindings/idl_member_installer.h"
+#undef BRAVE_IDL_MEMBER_INSTALLER_H_
+
+#endif  // BRAVE_CHROMIUM_SRC_THIRD_PARTY_BLINK_RENDERER_PLATFORM_BINDINGS_IDL_MEMBER_INSTALLER_H_

patches/third_party-blink-renderer-platform-bindings-idl_member_installer.h.patch

@@ -0,0 +1,12 @@
+diff --git a/third_party/blink/renderer/platform/bindings/idl_member_installer.h b/third_party/blink/renderer/platform/bindings/idl_member_installer.h
+index 095f734a2af6f8348414746208315e45a4c9222e..4a9907328353620abd594698613159e093757319 100644
+--- a/third_party/blink/renderer/platform/bindings/idl_member_installer.h
++++ b/third_party/blink/renderer/platform/bindings/idl_member_installer.h
+@@ -184,6 +184,7 @@ class PLATFORM_EXPORT IDLMemberInstaller final {
+       v8::Local<v8::Object> interface_object,
+       v8::Local<v8::Signature> signature,
+       base::span<const ExposedConstructConfig> configs);
++  BRAVE_IDL_MEMBER_INSTALLER_H_
+ };
+
+ }  // namespace bindings

renderer/test/BUILD.gn

@@ -11,6 +11,7 @@ source_set("browser_tests") {
   sources = [
     "digital_goods_api_browsertest.cc",
     "file_system_access_browsertest.cc",
+    "navigator_connection_attribute_browsertest.cc",
     "serial_api_browsertest.cc",
     "subresource_web_bundles_browsertest.cc",
   ]

renderer/test/navigator_connection_attribute_browsertest.cc

@@ -0,0 +1,84 @@
+/* Copyright (c) 2021 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "base/path_service.h"
+#include "base/strings/string_util.h"
+#include "base/test/scoped_feature_list.h"
+#include "brave/common/brave_paths.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/test/base/in_process_browser_test.h"
+#include "chrome/test/base/ui_test_utils.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/test/browser_test.h"
+#include "content/public/test/browser_test_utils.h"
+#include "net/dns/mock_host_resolver.h"
+#include "net/test/embedded_test_server/embedded_test_server.h"
+#include "third_party/blink/public/common/features.h"
+#include "url/gurl.h"
+
+class NavigatorConnectionAttributeBrowserTest
+    : public InProcessBrowserTest,
+      public ::testing::WithParamInterface<bool> {
+ public:
+  NavigatorConnectionAttributeBrowserTest()
+      : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
+    brave::RegisterPathProvider();
+    base::FilePath test_data_dir;
+    base::PathService::Get(brave::DIR_TEST_DATA, &test_data_dir);
+    https_server_.SetSSLConfig(net::EmbeddedTestServer::CERT_OK);
+    https_server_.ServeFilesFromDirectory(test_data_dir);
+  }
+
+  ~NavigatorConnectionAttributeBrowserTest() override = default;
+
+  bool IsNavigatorConnectionAttributeEnabled() { return GetParam(); }
+
+  void SetUp() override {
+    if (IsNavigatorConnectionAttributeEnabled()) {
+      scoped_feature_list_.InitAndEnableFeature(
+          blink::features::kNavigatorConnectionAttribute);
+    }
+    InProcessBrowserTest::SetUp();
+  }
+
+  void SetUpOnMainThread() override {
+    InProcessBrowserTest::SetUpOnMainThread();
+
+    EXPECT_TRUE(https_server_.Start());
+    // Map all hosts to localhost.
+    host_resolver()->AddRule("*", "127.0.0.1");
+  }
+
+  content::WebContents* web_contents() {
+    return browser()->tab_strip_model()->GetActiveWebContents();
+  }
+
+  content::RenderFrameHost* main_frame() {
+    return web_contents()->GetMainFrame();
+  }
+
+ protected:
+  net::EmbeddedTestServer https_server_;
+  base::test::ScopedFeatureList scoped_feature_list_;
+};
+
+IN_PROC_BROWSER_TEST_P(NavigatorConnectionAttributeBrowserTest,
+                       IsAttributeAvailable) {
+  EXPECT_EQ(IsNavigatorConnectionAttributeEnabled(),
+            base::FeatureList::IsEnabled(
+                blink::features::kNavigatorConnectionAttribute));
+
+  const GURL url = https_server_.GetURL("/simple.html");
+  ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
+
+  auto result = content::EvalJs(main_frame(), "'connection' in navigator");
+  EXPECT_EQ(result.value.GetBool(), IsNavigatorConnectionAttributeEnabled());
+}
+
+INSTANTIATE_TEST_SUITE_P(NavigatorConnectionAttributeBrowserTest,
+                         NavigatorConnectionAttributeBrowserTest,
+                         ::testing::Bool());