Add dedicated flag in chrome://flags for FedCM interception
This CL splits the WebID feature into 2:
Part#1: FedCM JavaScript API https://wicg.github.io/FedCM/
Part#2: HTTP filter which observes HTTP traffic,
detects if an HTTP request is likely for authentication, and displays
FedCM browser UI if the HTTP request is likely for authentication.
The reason for the split is that we are planning on going to dev trial
with the JavaScript API but without the HTTP filtering.
This CL switches the chrome://flags WebID flag from having 2 states to
having 3
State #1: FedCM disabled
State #2: FedCM JavaScript API enabled but HTTP filtering off
State #3: FedCM JavaScript API enabled and HTTP filtering off
This CL also renames flag related code from WebID->FedCM.
BUG=1267916
Change-Id: I420ac8a28795942923aa0270b00ad0c4286d56e3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3290265
Commit-Queue: Peter Kotwicz <[email protected]>
Reviewed-by: Camille Lamy <[email protected]>
Reviewed-by: Ken Buchanan <[email protected]>
Reviewed-by: Yi Gu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#947390}
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
index 7031096..b4b3763 100644
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -2325,6 +2325,13 @@
kDrawPredictedPointExperiment2Points3Ms,
base::size(kDrawPredictedPointExperiment2Points3Ms), nullptr}};
+const FeatureEntry::FeatureParam kFedCmVariationInterception[] = {
+ {features::kFedCmInterceptionFieldTrialParamName, "true"}};
+const FeatureEntry::FeatureVariation kFedCmFeatureVariations[] = {
+ {"- with FedCM HTTP filtering (very experimental)",
+ kFedCmVariationInterception, base::size(kFedCmVariationInterception),
+ nullptr}};
+
#if BUILDFLAG(IS_CHROMEOS_ASH)
const FeatureEntry::Choice kForceControlFaceAeChoices[] = {
{"Default", "", ""},
@@ -7112,9 +7119,11 @@
flag_descriptions::kMediaSessionWebRTCDescription, kOsAll,
FEATURE_VALUE_TYPE(media::kMediaSessionWebRTC)},
- {"webid", flag_descriptions::kWebIdName,
- flag_descriptions::kWebIdDescription, kOsAll,
- FEATURE_VALUE_TYPE(features::kWebID)},
+ {"fedcm", flag_descriptions::kFedCmName,
+ flag_descriptions::kFedCmDescription, kOsAll,
+ FEATURE_WITH_PARAMS_VALUE_TYPE(features::kFedCm,
+ kFedCmFeatureVariations,
+ "FedCmFeatureVariations")},
#if BUILDFLAG(IS_CHROMEOS_ASH)
{"bluetooth-sessionized-metrics",
diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json
index 536939e..634fa30c 100644
--- a/chrome/browser/flag-metadata.json
+++ b/chrome/browser/flag-metadata.json
@@ -3073,6 +3073,11 @@
"expiry_milestone": 101
},
{
+ "name": "fedcm",
+ "owners": [ "goto", "[email protected]"],
+ "expiry_milestone": 110
+ },
+ {
"name": "feed-back-to-top",
"owners": [ "//chrome/android/feed/OWNERS", "[email protected]" ],
"expiry_milestone": 101
@@ -5646,11 +5651,6 @@
"expiry_milestone": 100
},
{
- "name": "webid",
- "owners": [ "goto", "[email protected]"],
- "expiry_milestone": 110
- },
- {
"name": "webnotes-publish",
"owners": [ "sebsg", "gayane"],
"expiry_milestone": 97
diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc
index 8985a79e..c7626be 100644
--- a/chrome/browser/flag_descriptions.cc
+++ b/chrome/browser/flag_descriptions.cc
@@ -1333,6 +1333,10 @@
const char kEffectiveConnectionType3GDescription[] = "3G";
const char kEffectiveConnectionType4GDescription[] = "4G";
+const char kFedCmName[] = "FedCM";
+const char kFedCmDescription[] =
+ "Enables JavaScript API to intermediate federated identity requests.";
+
const char kFileHandlingAPIName[] = "File Handling API";
const char kFileHandlingAPIDescription[] =
"Enables the file handling API, allowing websites to register as file "
@@ -2683,11 +2687,6 @@
"Enables experimental supports for Web Bundles (Bundled HTTP Exchanges) "
"navigation.";
-const char kWebIdName[] = "WebID";
-const char kWebIdDescription[] =
- "Enables WebID HTTP filtering and JavaScript "
- "API to intermediate federated identity requests.";
-
const char kWebMidiName[] = "Web MIDI";
const char kWebMidiDescription[] =
"Enables the implementation of the Web MIDI API. When disabled the "
diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptions.h
index 043bf542..920d582 100644
--- a/chrome/browser/flag_descriptions.h
+++ b/chrome/browser/flag_descriptions.h
@@ -766,6 +766,9 @@
extern const char kEffectiveConnectionType3GDescription[];
extern const char kEffectiveConnectionType4GDescription[];
+extern const char kFedCmName[];
+extern const char kFedCmDescription[];
+
extern const char kFileHandlingAPIName[];
extern const char kFileHandlingAPIDescription[];
@@ -1535,9 +1538,6 @@
extern const char kWebBundlesName[];
extern const char kWebBundlesDescription[];
-extern const char kWebIdName[];
-extern const char kWebIdDescription[];
-
extern const char kWebMidiName[];
extern const char kWebMidiDescription[];
diff --git a/content/browser/browser_interface_binders.cc b/content/browser/browser_interface_binders.cc
index 2efe9b9..bff09f7b 100644
--- a/content/browser/browser_interface_binders.cc
+++ b/content/browser/browser_interface_binders.cc
@@ -765,7 +765,7 @@
base::Unretained(host)));
}
- if (IsWebIDEnabled()) {
+ if (IsFedCmEnabled()) {
map->Add<blink::mojom::FederatedAuthRequest>(base::BindRepeating(
&RenderFrameHostImpl::BindFederatedAuthRequestReceiver,
base::Unretained(host)));
diff --git a/content/browser/renderer_host/render_frame_host_impl.cc b/content/browser/renderer_host/render_frame_host_impl.cc
index 18ccf93..fa73c2ba 100644
--- a/content/browser/renderer_host/render_frame_host_impl.cc
+++ b/content/browser/renderer_host/render_frame_host_impl.cc
@@ -9610,13 +9610,13 @@
void RenderFrameHostImpl::BindFederatedAuthRequestReceiver(
mojo::PendingReceiver<blink::mojom::FederatedAuthRequest> receiver) {
- DCHECK(IsWebIDEnabled());
+ DCHECK(IsFedCmEnabled());
FederatedAuthRequestService::Create(this, std::move(receiver));
}
void RenderFrameHostImpl::BindFederatedAuthResponseReceiver(
mojo::PendingReceiver<blink::mojom::FederatedAuthResponse> receiver) {
- DCHECK(IsWebIDEnabled());
+ DCHECK(IsFedCmEnabled());
FederatedAuthResponseImpl::Create(this, std::move(receiver));
}
diff --git a/content/browser/webid/federated_auth_navigation_throttle.cc b/content/browser/webid/federated_auth_navigation_throttle.cc
index de26aef..df71812 100644
--- a/content/browser/webid/federated_auth_navigation_throttle.cc
+++ b/content/browser/webid/federated_auth_navigation_throttle.cc
@@ -54,7 +54,7 @@
std::unique_ptr<NavigationThrottle>
FederatedAuthNavigationThrottle::MaybeCreateThrottleFor(
NavigationHandle* handle) {
- if (!IsWebIDEnabled() || !handle->IsInMainFrame())
+ if (!IsFedCmInterceptionEnabled() || !handle->IsInMainFrame())
return nullptr;
return std::make_unique<FederatedAuthNavigationThrottle>(handle);
diff --git a/content/browser/webid/federated_auth_navigation_throttle_unittest.cc b/content/browser/webid/federated_auth_navigation_throttle_unittest.cc
index 8f1bb4e..f9447bb 100644
--- a/content/browser/webid/federated_auth_navigation_throttle_unittest.cc
+++ b/content/browser/webid/federated_auth_navigation_throttle_unittest.cc
@@ -26,6 +26,8 @@
namespace {
+typedef std::unique_ptr<base::test::ScopedFeatureList> MovableScopedFeatureList;
+
constexpr char kOauthRequestParams[] =
"?client_id=12345&scope=67890&"
"redirect_uri=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Frp.example%2F";
@@ -64,6 +66,14 @@
"https://idp.example", NavigationThrottle::DEFER},
};
+MovableScopedFeatureList InitScopedFeatureList() {
+ auto scoped_feature_list = std::make_unique<base::test::ScopedFeatureList>();
+ scoped_feature_list->InitAndEnableFeatureWithParameters(
+ features::kFedCm,
+ {{features::kFedCmInterceptionFieldTrialParamName, "true"}});
+ return scoped_feature_list;
+}
+
} // namespace
class FederatedAuthNavigationThrottleTest : public RenderViewHostTestHarness {
@@ -106,20 +116,19 @@
MockNavigationHandle top_frame_handle(url, main_rfh());
MockNavigationHandle child_frame_handle(url_child, child_rfh);
- // Attempt to create throttle for the main frame without features::kWebID set.
+ // Attempt to create throttle for the main frame without features::kFedCm set.
auto throttle = FederatedAuthNavigationThrottle::MaybeCreateThrottleFor(
&top_frame_handle);
ASSERT_FALSE(throttle);
- base::test::ScopedFeatureList scoped_feature_list;
- scoped_feature_list.InitAndEnableFeature(features::kWebID);
+ MovableScopedFeatureList scoped_feature_list = InitScopedFeatureList();
- // Attempt to create throttle for a child frame with features::kWebID set.
+ // Attempt to create throttle for a child frame with features::kFedCm set.
throttle = FederatedAuthNavigationThrottle::MaybeCreateThrottleFor(
&child_frame_handle);
ASSERT_FALSE(throttle);
- // Attempt to create throttle for the main frame with features::kWebID set.
+ // Attempt to create throttle for the main frame with features::kFedCm set.
throttle = FederatedAuthNavigationThrottle::MaybeCreateThrottleFor(
&top_frame_handle);
ASSERT_TRUE(throttle);
@@ -134,8 +143,7 @@
MockNavigationHandle handle(idp_url, main_rfh());
handle.set_initiator_origin(url::Origin::Create(GURL("https://rp.example")));
- base::test::ScopedFeatureList scoped_feature_list;
- scoped_feature_list.InitAndEnableFeature(features::kWebID);
+ MovableScopedFeatureList scoped_feature_list = InitScopedFeatureList();
auto throttle =
FederatedAuthNavigationThrottle::MaybeCreateThrottleFor(&handle);
@@ -161,8 +169,7 @@
MockNavigationHandle handle(idp_url, main_rfh());
handle.set_initiator_origin(url::Origin::Create(GURL(test_case.rp_origin)));
- base::test::ScopedFeatureList scoped_feature_list;
- scoped_feature_list.InitAndEnableFeature(features::kWebID);
+ MovableScopedFeatureList scoped_feature_list = InitScopedFeatureList();
auto throttle =
FederatedAuthNavigationThrottle::MaybeCreateThrottleFor(&handle);
diff --git a/content/browser/webid/flags.cc b/content/browser/webid/flags.cc
index 1007a943..c71cf31 100644
--- a/content/browser/webid/flags.cc
+++ b/content/browser/webid/flags.cc
@@ -5,14 +5,19 @@
#include "flags.h"
#include "base/command_line.h"
+#include "base/metrics/field_trial_params.h"
#include "content/public/common/content_features.h"
#include "content/public/common/content_switches.h"
namespace content {
-// Whether WebID is enabled or not.
-bool IsWebIDEnabled() {
- return base::FeatureList::IsEnabled(features::kWebID);
+bool IsFedCmEnabled() {
+ return base::FeatureList::IsEnabled(features::kFedCm);
+}
+
+bool IsFedCmInterceptionEnabled() {
+ return GetFieldTrialParamByFeatureAsBool(
+ features::kFedCm, features::kFedCmInterceptionFieldTrialParamName, false);
}
} // namespace content
diff --git a/content/browser/webid/flags.h b/content/browser/webid/flags.h
index fc2f4ec2..74c47df 100644
--- a/content/browser/webid/flags.h
+++ b/content/browser/webid/flags.h
@@ -9,8 +9,11 @@
namespace content {
-// Whether WebID is enabled or not.
-bool IsWebIDEnabled();
+// Whether the FedCM JavaScript API is enabled.
+bool IsFedCmEnabled();
+
+// Whether FedCM HTTP filtering is enabled.
+bool IsFedCmInterceptionEnabled();
} // namespace content
diff --git a/content/browser/webid/webid_browsertest.cc b/content/browser/webid/webid_browsertest.cc
index c802188d..48d4c4e 100644
--- a/content/browser/webid/webid_browsertest.cc
+++ b/content/browser/webid/webid_browsertest.cc
@@ -183,7 +183,7 @@
// that the network shard for fetching the .well-known file is different
// from that used for other IdP transactions, to prevent data leakage.
features.push_back(net::features::kSplitCacheByNetworkIsolationKey);
- features.push_back(features::kWebID);
+ features.push_back(features::kFedCm);
scoped_feature_list_.InitWithFeatures(features, {});
command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
diff --git a/content/child/runtime_features.cc b/content/child/runtime_features.cc
index 5eca7ee9..ba5d5ae 100644
--- a/content/child/runtime_features.cc
+++ b/content/child/runtime_features.cc
@@ -303,7 +303,7 @@
{wf::EnableVideoPlaybackQuality, features::kVideoPlaybackQuality},
{wf::EnableVideoWakeLockOptimisationHiddenMuted,
media::kWakeLockOptimisationHiddenMuted},
- {wf::EnableWebID, features::kWebID},
+ {wf::EnableWebID, features::kFedCm},
#if defined(OS_ANDROID)
{wf::EnableWebNfc, features::kWebNfc, kSetOnlyIfOverridden},
#endif
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
index c970551..a1738ab 100644
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -345,6 +345,13 @@
};
#endif
+// Enables JavaScript API to intermediate federated identity requests.
+const base::Feature kFedCm{"FedCm", base::FEATURE_DISABLED_BY_DEFAULT};
+
+// Field trial boolean parameter which indicates whether FedCM HTTP filtering is
+// enabled.
+const char kFedCmInterceptionFieldTrialParamName[] = "Interception";
+
// Enables scrollers inside Blink to store scroll offsets in fractional
// floating-point numbers rather than truncating to integers.
const base::Feature kFractionalScrollOffsets{"FractionalScrollOffsets",
@@ -1024,9 +1031,6 @@
const base::Feature kWebGLImageChromium{"WebGLImageChromium",
base::FEATURE_ENABLED_BY_DEFAULT};
-// Enable browser mediation API for federated identity interactions.
-const base::Feature kWebID{"WebID", base::FEATURE_DISABLED_BY_DEFAULT};
-
// Enable the browser process components of the Web MIDI API. This flag does not
// control whether the API is exposed in Blink.
const base::Feature kWebMidi{"WebMidi", base::FEATURE_ENABLED_BY_DEFAULT};
diff --git a/content/public/common/content_features.h b/content/public/common/content_features.h
index f1bc59f..4d83f299 100644
--- a/content/public/common/content_features.h
+++ b/content/public/common/content_features.h
@@ -86,6 +86,8 @@
CONTENT_EXPORT extern const base::Feature
kForwardMemoryPressureEventsToGpuProcess;
#endif
+CONTENT_EXPORT extern const base::Feature kFedCm;
+CONTENT_EXPORT extern const char kFedCmInterceptionFieldTrialParamName[];
CONTENT_EXPORT extern const base::Feature kFractionalScrollOffsets;
CONTENT_EXPORT extern const base::Feature kGreaseUACH;
CONTENT_EXPORT extern const base::Feature kHistoryPreventSandboxedNavigation;
@@ -257,7 +259,6 @@
CONTENT_EXPORT extern const base::Feature kWebBundles;
CONTENT_EXPORT extern const base::Feature kWebBundlesFromNetwork;
CONTENT_EXPORT extern const base::Feature kWebGLImageChromium;
-CONTENT_EXPORT extern const base::Feature kWebID;
CONTENT_EXPORT extern const base::Feature kWebMidi;
CONTENT_EXPORT extern const base::Feature kWebOtpBackendAuto;
CONTENT_EXPORT extern const base::Feature kWebPayments;
diff --git a/tools/metrics/histograms/enums.xml b/tools/metrics/histograms/enums.xml
index fc57589..6a7e8f4 100644
--- a/tools/metrics/histograms/enums.xml
+++ b/tools/metrics/histograms/enums.xml
@@ -50342,6 +50342,7 @@
<int value="-1019760093" label="PrintWithPostScriptType42Fonts:enabled"/>
<int value="-1019492310"
label="OmniboxUIExperimentJogTextfieldOnPopup:enabled"/>
+ <int value="-1018983714" label="FedCm:enabled"/>
<int value="-1018454657" label="SharingPeerConnectionReceiver:enabled"/>
<int value="-1016669222" label="CloudPrinterHandler:enabled"/>
<int value="-1016202433" label="disable-add-to-shelf"/>
@@ -50651,6 +50652,7 @@
<int value="-787876637" label="HomeLauncherGestures:enabled"/>
<int value="-787426248" label="ChromeHomeSurvey:disabled"/>
<int value="-787238455" label="OmniboxZeroSuggestionsOnSERP:disabled"/>
+ <int value="-785528415" label="FedCm:disabled"/>
<int value="-784199026" label="EnableFilesAppCopyImage:enabled"/>
<int value="-780798969" label="disable-single-click-autofill"/>
<int value="-778126349" label="DownloadsLocationChange:enabled"/>
