[fuchsia] Add workaround to allow loading Mixed Content with IP address

WebEngine can be configured to allow loading Mixed Content, and some WebEngine tests rely on this. Add an ifdef workaround for now to unblock tests while exploring long term solution. Note that this reverts Fuchsia Cast Receivers to the behavior before crrev.com/c/4032146. Bug: 1434475, 1434440, 1158379, b/276471968 Change-Id: I8850610ee88993301592f4d543d794c0bb178838 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4443033 Code-Coverage: Findit <findit-for-me@appspot.gserviceaccount.com> Reviewed-by: Nate Chapin <japhet@chromium.org> Reviewed-by: David Dorwin <ddorwin@chromium.org> Auto-Submit: David Song <wintermelons@google.com> Commit-Queue: Srinivas Sista <srinivassista@chromium.org> Commit-Queue: Nate Chapin <japhet@chromium.org> Cr-Commit-Position: refs/heads/main@{#1132550}
qweri0p · Apr 19, 2023 · e3dc8da · e3dc8da
1 parent 5907a46
commit e3dc8da
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 5 deletions.
diff --git a/third_party/blink/renderer/core/loader/mixed_content_checker.cc b/third_party/blink/renderer/core/loader/mixed_content_checker.cc
@@ -32,6 +32,8 @@
 #include "base/feature_list.h"
 #include "base/features.h"
 #include "base/metrics/field_trial_params.h"
+#include "build/build_config.h"
+#include "build/chromecast_buildflags.h"
 #include "services/network/public/cpp/is_potentially_trustworthy.h"
 #include "third_party/abseil-cpp/absl/types/optional.h"
 #include "third_party/blink/public/common/features.h"
@@ -452,15 +454,24 @@ bool MixedContentChecker::ShouldBlockFetch(
           mojom::blink::InsecureRequestPolicy::kLeaveInsecureRequestsAlone ||
       settings->GetStrictMixedContentChecking();
 
-  const bool is_ip_address = GURL(url).HostIsIPAddress();
-
   mojom::blink::MixedContentContextType context_type =
       MixedContent::ContextTypeFromRequestContext(
           request_context, DecideCheckModeForPlugin(settings));
 
   switch (context_type) {
     case mojom::blink::MixedContentContextType::kOptionallyBlockable:
-      allowed = !strict_mode && !is_ip_address;
+
+#if BUILDFLAG(IS_FUCHSIA) && BUILDFLAG(ENABLE_CAST_RECEIVER)
+      // Fuchsia WebEngine can be configured to allow loading Mixed Content from
+      // an insecure IP address. This is a workaround to revert Fuchsia Cast
+      // Receivers to the behavior before crrev.com/c/4032146.
+      // TODO(crbug.com/1434440): Remove this workaround when there is a better
+      // way to disable blocking Mixed Content with an IP address.
+      allowed = !strict_mode;
+#else
+      allowed = !strict_mode && !GURL(url).HostIsIPAddress();
+#endif  // BUILDFLAG(IS_FUCHSIA) && BUILDFLAG(ENABLE_CAST_RECEIVER)
+
       if (allowed) {
         if (content_settings_client)
           content_settings_client->PassiveInsecureContentFound(url);

diff --git a/third_party/blink/renderer/core/loader/mixed_content_checker_test.cc b/third_party/blink/renderer/core/loader/mixed_content_checker_test.cc
@@ -7,6 +7,8 @@
 #include <memory>
 
 #include "base/memory/scoped_refptr.h"
+#include "build/build_config.h"
+#include "build/chromecast_buildflags.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink.h"
@@ -257,12 +259,20 @@ TEST(MixedContentCheckerTest, DetectUpgradeableMixedContent) {
   mojo::Remote<mojom::blink::ContentSecurityNotifier> notifier_remote;
   notifier_remote.Bind(mock_notifier.BindNewPipeAndPassRemote());
 
-  EXPECT_TRUE(MixedContentChecker::ShouldBlockFetch(
+  const bool blocked = MixedContentChecker::ShouldBlockFetch(
       &dummy_page_holder->GetFrame(), mojom::blink::RequestContextType::AUDIO,
       network::mojom::blink::IPAddressSpace::kPublic, http_ip_address_audio_url,
       ResourceRequest::RedirectStatus::kNoRedirect, http_ip_address_audio_url,
       absl::optional<String>(), ReportingDisposition::kSuppressReporting,
-      *notifier_remote));
+      *notifier_remote);
+
+#if BUILDFLAG(IS_FUCHSIA) && BUILDFLAG(ENABLE_CAST_RECEIVER)
+  // Mixed Content from an insecure IP address is not blocked for Fuchsia Cast
+  // Receivers.
+  EXPECT_FALSE(blocked);
+#else
+  EXPECT_TRUE(blocked);
+#endif  // BUILDFLAG(IS_FUCHSIA) && BUILDFLAG(ENABLE_CAST_RECEIVER)
 }
 
 class TestFetchClientSettingsObject : public FetchClientSettingsObject {