Add chrome://flags/#force-empty-CORB-and-CORS-allowlist flag.
This CL adds a new chrome://flags entry as an easy alternative to manually
ensuring that no Chrome processes are running and then launching Chrome
with the --force-empty-corb-allowlist command-line switch. The new flag is:
chrome://flags/#force-empty-CORB-and-CORS-allowlist
Additionally the CL slightly tweaks the text and metadata for
the already existing chrome://flag that can be used to opt into
or out of the CORS-for-content-scripts changes that are planned
to ship in Chrome 85. This existing flag is:
chrome://flags/#cors-for-content-scripts
Screenshot of the flags can be found here:
https://drive.google.com/file/d/1xPpHGMmjgMOYDEZH1U02XvAxDHDPMwoc/view
Bug: 920638
Change-Id: I0d2b44dbf58db7dacb3addc67e4be977cd9437de
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2243717
Reviewed-by: Charlie Reis <[email protected]>
Commit-Queue: Ćukasz Anforowicz <[email protected]>
Cr-Commit-Position: refs/heads/master@{#778603}
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
index 55064f8..1cb8a42 100644
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -3668,10 +3668,17 @@
FEATURE_VALUE_TYPE(features::kHandwritingGesture)},
#endif // OS_CHROMEOS
+#if BUILDFLAG(ENABLE_EXTENSIONS)
{"cors-for-content-scripts", flag_descriptions::kCorsForContentScriptsName,
flag_descriptions::kCorsForContentScriptsDescription, kOsDesktop,
FEATURE_VALUE_TYPE(network::features::kCorbAllowlistAlsoAppliesToOorCors)},
+ {"force-empty-CORB-and-CORS-allowlist",
+ flag_descriptions::kForceEmptyCorbAndCorsAllowlistName,
+ flag_descriptions::kForceEmptyCorbAndCorsAllowlistDescription, kOsDesktop,
+ SINGLE_VALUE_TYPE(extensions::switches::kForceEmptyCorbAllowlist)},
+#endif
+
{"cross-origin-opener-policy",
flag_descriptions::kCrossOriginOpenerPolicyName,
flag_descriptions::kCrossOriginOpenerPolicyDescription, kOsAll,
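Review bot: The new entry's internal name `force-empty-CORB-and-CORS-allowlist` mixes upper case into a scheme that is otherwise lowercase and hyphenated in the visible entries (`cors-for-content-scripts`, `cross-origin-opener-policy`), and it differs from the `force-empty-corb-allowlist` label this commit adds to enums.xml. If that label is meant to follow the switch rather than the flag name, a one-line comment on the entry would make the mismatch read as deliberate, e.g. `// Histogram label follows the switch name, not the flag name.` The closing `#endif` should also name its condition, as the one just above the block does: `#endif  // BUILDFLAG(ENABLE_EXTENSIONS)`. The new guard also wraps the pre-existing `cors-for-content-scripts` entry, while the matching strings in flag_descriptions.cc and .h appear unguarded in their hunks, so it is worth confirming that asymmetry is intended. The `cross-origin-opener-policy` entry continues past the end of this hunk.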
diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json
index 2656b3e..930a3cb 100644
--- a/chrome/browser/flag-metadata.json
+++ b/chrome/browser/flag-metadata.json
@@ -659,8 +659,8 @@
},
{
"name": "cors-for-content-scripts",
- "owners": [ "lukasza" ],
- "expiry_milestone": 85
+ "owners": [ "lukasza", "creis", "rdcronin" ],
+ "expiry_milestone": 89
},
{
"name": "credit-card-scanner",
@@ -2594,6 +2594,11 @@
"expiry_milestone": -1
},
{
+ "name": "force-empty-CORB-and-CORS-allowlist",
+ "owners": [ "lukasza", "creis", "rdcronin" ],
+ "expiry_milestone": 89
+ },
+ {
"name": "force-show-update-menu-badge",
"owners": [ "//chrome/android/java/src/org/chromium/chrome/browser/omaha/OWNERS" ],
// This is required by test teams to verify functionality on devices which
diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc
index 6db22cd..c79ea66 100644
--- a/chrome/browser/flag_descriptions.cc
+++ b/chrome/browser/flag_descriptions.cc
@@ -778,7 +778,20 @@
const char kCorsForContentScriptsName[] = "CORS for content scripts";
const char kCorsForContentScriptsDescription[] =
- "Prevent content scripts of Chrome Extensions from bypassing CORS.";
+ "Prevent content scripts of Chrome Extensions from bypassing CORS. "
+ "For more information about the allowlist and the changes to the "
+ "security model of content scripts, please see: "
+ "https://www.chromium.org/Home/chromium-security/"
+ "extension-content-script-fetches";
+
+const char kForceEmptyCorbAndCorsAllowlistName[] =
+ "Force empty CORB and CORS allowlist";
+const char kForceEmptyCorbAndCorsAllowlistDescription[] =
+ "Removes all Chrome Extensions from the CORB and CORS allowlist. "
+ "For more information about the allowlist and the changes to the "
+ "security model of content scripts, please see: "
+ "https://www.chromium.org/Home/chromium-security/"
+ "extension-content-script-fetches";
const char kCrossOriginOpenerPolicyName[] = "Cross Origin Opener Policy";
const char kCrossOriginOpenerPolicyDescription[] =
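Review bot: `kForceEmptyCorbAndCorsAllowlistDescription` has no comment tying it to the switch it toggles, so a reader of this file cannot tell that the chrome://flags entry and `--force-empty-corb-allowlist` are the same control. A line above the new constants would record that, e.g. `// UI equivalent of the --force-empty-corb-allowlist switch; empties the allowlist for all extensions.` The three-line "For more information …" tail is also repeated verbatim in both descriptions, so the two copies can drift if the link ever changes; a brief comment noting that they must stay in sync would be enough. The declaration of `kCrossOriginOpenerPolicyDescription` continues outside the hunk.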
diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptions.h
index e3e77878..64d155d 100644
--- a/chrome/browser/flag_descriptions.h
+++ b/chrome/browser/flag_descriptions.h
@@ -445,6 +445,8 @@
extern const char kCorsForContentScriptsName[];
extern const char kCorsForContentScriptsDescription[];
+extern const char kForceEmptyCorbAndCorsAllowlistName[];
+extern const char kForceEmptyCorbAndCorsAllowlistDescription[];
extern const char kCrossOriginOpenerPolicyName[];
extern const char kCrossOriginOpenerPolicyDescription[];
diff --git a/tools/metrics/histograms/enums.xml b/tools/metrics/histograms/enums.xml
index 3cf287d4..e8c8e921 100644
--- a/tools/metrics/histograms/enums.xml
+++ b/tools/metrics/histograms/enums.xml
@@ -39032,6 +39032,7 @@
<int value="-1832575380" label="show-saved-copy"/>
<int value="-1832221649" label="disable-out-of-process-pac"/>
<int value="-1830472348" label="CryptAuthV2DeviceSync:enabled"/>
+ <int value="-1830199297" label="force-empty-corb-allowlist"/>
<int value="-1826649921" label="ContextualSuggestionsButton:disabled"/>
<int value="-1826309726" label="ArcCustomTabsExperiment:disabled"/>
<int value="-1823193038" label="QuietNotificationPrompts:disabled"/>