Lookalikes: Add digital asset links support
This CL adds the initial version of Digital Asset Links support to
lookalike checks. The goal of this feature is to allow site owners
to allowlist lookalike sites they own.
With this feature, we now attempt to fetch DAL manifests when a
lookalike URL is detected. Assume that the lookalike heuristics match
https://lookalike-site.com to https://target-site.com. The feature works
as follows:
1. The lookalike manifest is fetched from
https://lookalike-site.com/.well-known/assetlinks.json. If the fetch
fails, the interstitial is shown.
2. An entry with "lookalikes/allowlist" relationship is searched in the
manifest with a value of "https://target-site.com". If not found, the
interstitial is shown.
3. If a valid entry is found, the target manifest is fetched from
https://target-site.com/.well-known/assetlinks.json. If the fetch fails,
the interstitial is shown.
4. An entry with "lookalikes/allowlist" relationship is searched in the
manifest with a value of "https://lookalike-site.com". If not found, the
interstitial is shown.
5. If a valid entry is found, the sites are assumed to be co-owned, so
the interstitial isn't shown.
Future work:
- This CL currently waits indefinitely for the manifest fetches. Future
CLs will limit the waiting time.
- Metrics need to be added.
- More edge cases should be added for manifest URLs that redirect or end
up with an SSL errors.
- Caching of manifests or validation results need to be implemented.
- The actual relationship type to use in the manifest is TBD. Currently
it's "lookalikes/allowlist".
Bug: 1175385
Change-Id: I29f6c00a6fbf6e583c99af4950342df61b178d18
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2680131
Commit-Queue: Mustafa Emre Acer <[email protected]>
Reviewed-by: Peter Conn <[email protected]>
Reviewed-by: Joe DeBlasio <[email protected]>
Cr-Commit-Position: refs/heads/master@{#853148}
diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
index fbb9c0fa..10df4e46 100644
--- a/chrome/browser/BUILD.gn
+++ b/chrome/browser/BUILD.gn
@@ -611,6 +611,8 @@
"infobars/infobar_responder.h",
"infobars/infobar_service.cc",
"infobars/infobar_service.h",
+ "installable/digital_asset_links/digital_asset_links_handler.cc",
+ "installable/digital_asset_links/digital_asset_links_handler.h",
"installable/installable_utils.cc",
"installable/installable_utils.h",
"internal_auth.cc",
@@ -668,6 +670,8 @@
"login_detection/oauth_login_detector.h",
"login_detection/password_store_sites.cc",
"login_detection/password_store_sites.h",
+ "lookalikes/digital_asset_links_cross_validator.cc",
+ "lookalikes/digital_asset_links_cross_validator.h",
"lookalikes/lookalike_url_blocking_page.cc",
"lookalikes/lookalike_url_blocking_page.h",
"lookalikes/lookalike_url_controller_client.cc",
@@ -5328,8 +5332,6 @@
]
} else { # is_android || is_chromeos_ash
sources += [
- "installable/digital_asset_links/digital_asset_links_handler.cc",
- "installable/digital_asset_links/digital_asset_links_handler.h",
"media/protected_media_identifier_permission_context.cc",
"media/protected_media_identifier_permission_context.h",
]
